jplagens

asked on

Public IP addresses (Usable vs. non-usable)

This is more a theory question than a problem.

We have a full T-1 line setup with SBC.  We also have our configuration sheet that tells us our block of static IP addresses, DNS servers, etc.  

My question is about the block of 50 static IP addresses.  Our router is assigned only one of these IP addresses.  If the other 49 static IP addresses are non-usable, what are they for?  The router can only be configured for one public IP address.  All traffic comes in through the one usable IP address and the router sends the traffic to our inside network (Exchange, domain controller, etc.).  How do you use the other 49 non-usable public IP addresses?

I don't understand why we would have 50 static IP addresses if we can only use one of them.  I'm sure in my confusion I'm not asking the right questions.  I hope someone can shed some light on this for me.
Nermal

I'm not sure on this one...but:

If you use 1 IP address on the router, the machines that do not use one of the other 49 static IP addresses will pick up a DHCP address (RFC1918) from the router.

You may find that some applications do not like using DHCP addresses but prefer to use static IPs.

So you may find that you want to run a webserver inside your connection that may need a static IP. Maybe you can run 49 webservers! :-)

Andrew
Couple ways to do this:

1.  If you are using NAT on the router, the block of public IP addresses would be used for one to one NAT.  An internal server would be assigned a static private IP address and a one to one NAT would be set up on the router associating one of the public IP addresses from the block of 50 to the private IP address of the server.  This would be useful if you had 50 servers on your inside network, otherwise you are wasting your money with the block of 50 public addresses.

2.  You could use that block of public IP addresses to address the inside network using public addresses versus private addresses.  You would assign the router's inside interface and the PCs an address from the block of 50.  NAT is not used and all hosts can be directly contacted from the Internet.  This assumes you have less than 50 hosts.  There really isn't any point in doing it this way.

If you don't have a need to set up static NATs for 50 machines on the inside network, I would recommend "giving" the block of public IP addresses back to your provider as they are not necessary.  If you have a need to set up one to one NATs for a few servers, you can get away using PAT on the one public IP address or you could get a block of 4 or 8 addresses.
Wow, only seen this many addresses when one is running a webhosting company...  If you are not, then do as JF suggests and give them back.  I am sure it is costing you quite a bit for all those unused addresses...

FE
ASKER CERTIFIED SOLUTION
krazieintent

jplagens

ASKER

Thanks for the input krazieintent and everyone else.  That was my exact feeling.  I asked the ISP why was I paying for such a large block of static IP's when only one routable IP address and NAT was getting the job done.  I was unsure if maybe I needed to somehow assign another public IP address to the web server and one to the Exchange server.

From my understanding of krazieintent's explanation, it sounds like one routable IP address and NAT is the correct setup and is accomplishing everything I need it to.

Can you assign one of the other static IP's to another server and still use the NAT configuration?  Or is it all or nothing? Meaning either use one static IP and NAT or CIDR and many static IP addresses?
If your webserver is going to be a public server, then it is best to use a private IP address on this, and use PAT to deliver request packets (if your router/firewall allows for PAT)...  But if it is meant for internal use only (intranet), then you only need the one address.  My company has a block of 5 IP addresses for our setup, and those take care of everything we need to do there.  You certainly do not need the 50 though, whatever you are doing in your network, if you only have 2 servers being accessed from the WAN...

FE
The thing about IPs, NAT, CIDR and the other different configurations is there is always a way of interchanging between them, allowing for maximum efficiency.

You can most definitely use another static public address for your webserver.

It depends on what you want your setup to be. If your webserver has a private address, then you will set your router to forward traffic on port 80, the HTTP port, to that private address on the web server. So to the outside world, your webserver will take on the same public IP address you have on your router interface. This is still safe and secure.

However, if you wanted to have your webserver on another public IP address and not part of the private IPs, that is fine as well, and is quite possible. In this scenario you would just configure the NIC with the IP and connect it to the internet (of course through firewalls and the sort). Of course you would then have two connections to the ISP.

But you have the choice of what you would like to do. Most companies use NAT and assign their webservers internal addresses, and enable their routers to do port forwarding. Most times when a company has more than one web server, the other is for redundancy purposes or as a backup web server, and they use a public IP for that, just in case the first internet connection ever fails, so the other webserver can take its place.

When companies do this, they also like to prefer 2 different ISPs. I would also recommend using 2 different ISPs. This is called multihomed. The reason is that, say for example, Verizon is your ISP and you have 2 connections from them coming into your office. If something ever happened internally to Verizon, both of your connections go down and completely lock you out of connection to the internet.

Now say, for example, you have 2 connections, one from Verizon and the other from AT&T. If Verizon goes down, your AT&T connection would still be up and all of your internet traffic could be diverted through the AT&T connection as well as having your webserver up.

It is very unlikely that both ISPs will be down at the same time.

But to sum up your original question, you can assign as many computers as you'd like with static and still use NAT, yes. The only thing is you would have to add the new networks to your router to enable communication between all the different IP addresses.

Hope this helps
Kevin
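
The two setups discussed in this thread, port forwarding on the router's one public address and one-to-one NAT on a second address from the block, modelled as lookup tables. This is an added example, not code from any poster; all addresses are constructed (RFC 5737 documentation range for the ISP block, RFC 1918 for the inside network), and the model assumes no separate inbound firewall rules.

```python
import ipaddress

# Constructed sample values: 203.0.113.0/24 stands in for the ISP block,
# 192.168.1.0/24 for the inside network.
ROUTER_WAN = ipaddress.ip_address("203.0.113.2")

# Port forwarding (PAT) on the router's single public address:
# (public ip, protocol, public port) -> (inside ip, inside port)
PORT_FORWARDS = {
    (ROUTER_WAN, "tcp", 80): (ipaddress.ip_address("192.168.1.10"), 80),  # web
    (ROUTER_WAN, "tcp", 25): (ipaddress.ip_address("192.168.1.20"), 25),  # mail
}

# One-to-one (static) NAT: a second public address maps to one inside host.
STATIC_NAT = {
    ipaddress.ip_address("203.0.113.3"): ipaddress.ip_address("192.168.1.30"),
}


def translate_inbound(dst_ip, proto, dst_port):
    """Return (inside_ip, inside_port) for an unsolicited inbound packet,
    or None if the router has no mapping and drops it."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in STATIC_NAT:
        # 1:1 NAT rewrites only the address; every port passes through.
        return STATIC_NAT[dst], dst_port
    # PAT forwards only the exact (address, protocol, port) entries listed.
    return PORT_FORWARDS.get((dst, proto, dst_port))


def exposed_ports(public_ip, proto, candidate_ports):
    """Ports from candidate_ports that reach an inside host via public_ip."""
    return [p for p in candidate_ports
            if translate_inbound(public_ip, proto, p) is not None]


if __name__ == "__main__":
    probe = [22, 25, 80, 443, 3389]
    # Router address, 1:1 NAT address, and an unassigned address in the block.
    for ip in ("203.0.113.2", "203.0.113.3", "203.0.113.4"):
        print(ip, exposed_ports(ip, "tcp", probe))
```

The one-to-one NAT address passes every probed port to the inside host, so that setup depends on an inbound filter in front of the server, while port forwarding exposes only the listed ports and an unassigned address from the block reaches nothing.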
Thanks Kevin.  This was always a subject that I kind of vaguely knew how things worked, but not enough to explain it to anyone else.  Once again, thanks for all of your help!
Well, hopefully my explanations will allow you to be able to explain to everyone else.

Glad I could help

- Kevin